
Banking Trojan on Android? It Can Take Over Your Device!
Cybersecurity researchers have discovered a new version of an Android banking trojan called Octo, now enhanced with capabilities for Device Takeover (DTO) and executing fraudulent transactions.
The malware's author has named this new version “Octo2,” according to the Dutch security firm ThreatFabric, and campaigns distributing it have been detected in European countries including Italy, Poland, Moldova, and Hungary.
Enhanced Capabilities
“The developers of this banking trojan have taken steps to improve the stability of the remote action capabilities required for device takeover attacks,” the company stated.
Below are some of the malicious apps containing this banking trojan:
- European Company (com.xsusb_restore3)
- Google Chrome (com.havirtual06numberresources)
- NordVPN (com.handedfastee5)
A Banking Trojan with History
Octo was first detected in early 2022 and is described as the work of a threat actor using the online aliases Architect and goodluck. It has been assessed as a “direct descendant” of another banking trojan, the Exobot malware, which was first detected in 2016 and later spawned a variant called Coper in 2021.
“Based on the source code of the Marcher banking trojan, Exobot targeted financial institutions in campaigns in Turkey, France, Germany, Australia, Thailand, and Japan,” ThreatFabric noted.
Later, a ‘lite’ version called ExobotCompact was introduced.
Octo2 and Its Evolution
The emergence of Octo2 was primarily driven by the leak of Octo’s source code earlier this year. This allowed other threat actors to develop multiple variants of the malware, increasing its impact on the threat landscape.
Another major development is Octo’s transition into a Malware-as-a-Service (MaaS) operation, enabling monetization by offering it to cybercriminals interested in conducting data theft operations.
Constant Evolution
This banking trojan’s ability to commit on-device fraud and intercept sensitive data makes it a growing threat to mobile banking users worldwide. Its ease of customization adds further risk, making it one of the most significant mobile threats today.